Field of the Invention
The present invention relates to an authority delegation system capable of delegating authority of a user to a client, a method, an authentication server system, and a storage medium therefor.
Description of the Related Art
As cloud services have become commonplace, users have more opportunities to use a plurality of services in cooperation with one another. A service, or web application, is a function provided by a server connected to a terminal via a network such as the Internet. By making services cooperate with one another, a service provider can provide a new service to the user by adding value to a normal service. On the other hand, the cooperation of services gives rise to some problems.
Specifically, there is a risk that more information than the user wants to exchange may be exchanged between the services, which may result in a problem such as leakage of user data or personal information. For example, although various services are available on the Internet and could cooperate with one another, user data and personal information should not be operated on by any service other than those authorized by the user. Further, from the viewpoint of the service provider, it is preferable that a service cooperation system be easy to implement.
In such a situation, a standard protocol known as “OAuth” has been developed in order to realize cooperation in authorization. According to OAuth, for example, if an application on a terminal accesses data managed by a cloud service, the application needs to acquire explicit authorization from the user.
With the authorization of the user, the application receives a token (hereinafter referred to as “access token”) certifying the access authorization, and the application can thereafter realize the access by using the access token. Hereinafter, an operation for issuing the access token is referred to as “authorization operation”. Japanese Patent Application Laid-Open No. 2013-145505 discusses a technique for issuing the access token by using OAuth.